Device agnostic security layer and system

ABSTRACT

A network end-point communicates, to a controller, a unique hardware identifier that is associated with a first end-point. The network end-point receives from the controller a first encryption key that is uniquely matched to a decryption key privately held by a second end-point. The network end-point then receives device data from a first device in direct communication with the first end-point. The network end-point communicates the device data to the second end-point, wherein the device data is encrypted using the first encryption key.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims priority to and benefit of U.S. Provisional Patent Application No. 62/557,849, entitled “Device Agnostic Security Layer and System”, filed on Sep. 13, 2017, which application is incorporated by reference herein in its entirety.

BACKGROUND

In many computer, networking, and other electronic systems, providing flexible configurations can be a key factor in meeting functional requirements. Computers have long supported plug-and-play hardware where a computer detects an installed device, installs a driver for the device, and then is able to use or otherwise interface with the device. Common interfaces, such as the various USB standards, allow for a variety of devices to be connected to common ports.

Networks also provide similar flexibility. Most networks support connections from a variety of devices communicating with the same protocols. Even in a simple home network, a user may connect computers, smart phones, tablets, televisions, and other smart devices to the network.

In some electronic systems, similar flexibility is desired. However, due to system requirements, such flexibility is not always attainable. Many systems and system components have application specific requirements fixing the type of connectors, the software platform, or the communication scheme. Often, these components require intense and expensive qualification testing in order to be approved for use. Such qualification testing is typically specific to a component's configuration. As such, software and hardware updates may be difficult, costly, or even impossible due to the requirements of requalification or even accessing a system. In some cases, logistical realities may add additional difficulties, including maintenance cycles that only provide for updates after months or even years.

Another aspect of such electronic systems is a desire to provide a distributed system. This allows a user to install components in advantageous positions in a platform. For example, in at least one embodiment, certain components need to be placed for easy access, for example at waist or table height. Other components may only need to be serviceable and are either not commonly used or only provide control or processing functionality. As such, these may be placed in lower or higher positions. Displays or readouts need to be placed where they can be seen.

An alternative example is a vehicle gathering sensor data. The driver or pilot may need access to the system to monitor progress. An operator will need to interface with and control the system. Sensors or communications devices need to be advantageously located to perform their functions. In some cases, there may even be remotely connected devices located in a different vehicle and connected through some non-wired communication means, such as a wireless network or a communications array. The distributed nature of these components may add additional difficulties in updating or otherwise modifying their configuration, as they may not be regularly accessible.

In many systems, as in the above examples, connecting the distributed components requires custom connections and cabling. This can include expensive custom connectors and bulky cables that increase weight, cost, size, and power factors that can negatively impact a system. There is also a need to provide secure communication, which often must be designed into each component independently.

Further, in many systems, components are designed and updated over many years or even decades. Those skilled in the art often desire to use the most effective or efficient protocols for running components. And, changes in standards and mission requirements often require an update to newer standards. Existing devices, sometimes called legacy devices, often can perform mission functionality, but may not be able to communicate with newer devices or systems. In some cases, they may also fail to meet new standards. The cost of redesigning such components can be very high. Design and qualification cycles can, in some cases, overlap multiple changes to security, communications, or other system standards. And, for changes as simple as a connector, software, or an operating system in a legacy device, the cost of redesign is very high when the key features of such a legacy device are often the communication, sensing, or other end-purpose functionality that is provided.

Some distributed platforms and systems need to be easily reconfigurable while providing multiple layers of security. Many existing legacy devices are unable to provide such security. As such, these distributed platforms and systems will require design of new components or redesign of legacy components to provide integrated security features to meet the security requirements, a common software or operating system, and a common connector scheme to replace the existing legacy devices. They will also require qualification testing. These new components will increase the cost and time of deployment of the distributed systems and, in some cases, will require the retirement of legacy devices that can still effectively perform their tasks and are otherwise sound. And, in the near future, these new or redesigned components will likely become legacy components to be phased out when the system standards change again.

The subject matter claimed herein is not limited to embodiments that solve any disadvantages or that operate only in environments such as those described above. Rather, this background is only provided to illustrate one exemplary technology area where some embodiments described herein may be practiced.

BRIEF SUMMARY

In at least one embodiment, a network end-point communicates, to a controller, a unique hardware identifier that is associated with a first end-point. The network end-point receives from the controller a first encryption key that is uniquely matched to a decryption key privately held by a second end-point. The network end-point then receives device data from a first device in direct communication with the first end-point. The network end-point encrypts the device data using the first encryption key and communicates the device data to the second end-point.

Additionally, in at least one embodiment, a controller receives a unique hardware identifier from a first end-point that is in communication with a network. The controller determines that the unique hardware identifier is present within a mission profile. The mission profile comprises an indication of a second end-point to which the first end-point is allowed to communicate. The controller communicates to the first end-point a first encryption key that is uniquely matched to a decryption key privately held by the second end-point.

Further, in at least one embodiment, an end-point communicates a unique hardware identifier that is associated with a first end-point and a device profile from the first end-point. The device profile indicates a first device that is in direct communication with the first end-point. A controller receives the unique hardware identifier and the device profile from the first end-point that is in communication with a network. The controller determines that the unique hardware identifier is present within a mission profile. The mission profile comprises an indication of a second end-point to which the first end-point is allowed to communicate. The controller then communicates to the first end-point a first encryption key that is uniquely matched to a decryption key privately held by the second end-point and a first translation profile that comprises instructions for communicating over a particular hardware adaptor with the first device. The first end-point receives from the controller the first encryption key. In at least one embodiment, the first end-point also receives the translation profile. The first end-point receives device data from a first device in direct communication with the first end-point. The first end-point then generates translated device data from the device data using the translation profile. The translated device data is translated into a software language that is understandable by a second device in direct communication with the second end-point. The first end-point encrypts the translated device data and communicates it to the second end-point, wherein the device data is decrypted using the first encryption key and delivered to the second device. In another embodiment, the second device receives the translation profile. The first end-point receives device data from a device in direct communication with the first end-point. The first end-point encrypts the device data using the first encryption key and communicates the encrypted data to a second end-point over the network. The second end-point decrypts the data, and translates it using the translation profile into a software language understandable by the second device. The second end-point delivers the translated device data to the second device.

This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter.

Additional features and advantages will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the teachings herein. Features and advantages of the invention may be realized and obtained by means of the instruments and combinations particularly pointed out in the appended claims. Features of the present invention will become more fully apparent from the following description and appended claims, or may be learned by the practice of the invention as set forth hereinafter.

BRIEF DESCRIPTION OF THE DRAWINGS

In order to describe the manner in which the above-recited and other advantages and features can be obtained, a more particular description of the subject matter briefly described above will be rendered by reference to specific embodiments which are illustrated in the appended drawings. Understanding that these drawings depict only typical embodiments and are not therefore to be considered to be limiting in scope, embodiments will be described and explained with additional specificity and detail through the use of the accompanying drawings in which:

FIG. 1 illustrates an embodiment of a network system with a device agnostic security layer.

FIG. 2 illustrates an embodiment of an end-point for use in the network.

FIG. 3 illustrates an embodiment of a controller for use in the network end-point system.

FIG. 4 depicts a flow chart of steps within an embodiment of a method for managing secure network communications.

FIG. 5 depicts a flow chart of steps within another embodiment of a method for managing secure network communications.

FIG. 6 depicts a flow chart of steps within still another embodiment of a method for managing secure network communications.

FIG. 7 depicts a flow chart of steps within yet another embodiment of a method for managing secure network communications.

DETAILED DESCRIPTION

The following discussion now refers to a number of devices, methods, and method acts that may be practiced or performed. Although the method acts may be discussed in a certain order or illustrated in a flow chart as occurring in a particular order, no particular ordering is required unless specifically stated, or required because an act is dependent on another act being completed prior to the act being performed.

Referring now to FIG. 1, an embodiment of a network system 100 is illustrated. The depicted network system 100 comprises devices 110 a and 110 b connected to end-points 120 a, 120 b, and a controller 130 connected to end-point 120 c. The devices 110 a and 110 b in various embodiments may perform a variety of functions. Configurations and functions of devices 110 a and 110 b in the network system 100 may vary between implementations.

Example devices 110 a and 110 b include radio frequency, transmitters, receivers, encryption devices, decryption devices, attenuators, antennas, antenna controllers, communication systems and devices, sensors, and any other device that is desired to connect to and operate within the network system 100.

In some embodiments of the network system 100, controller 130 is also a device (e.g., device 110 a, 110 b). In other embodiments, the controller 130 is present in network system 100, but is treated differently from the devices 110 a and 110 b. For example, in at least one embodiment, the controller 130 is in communication with the network system 100 but is not connected directly to end-point 120 c. Instead, the controller 130 communicates directly with the end-points 120 a, 120 b that are connected to the devices 110 a, 110 b.

The purpose and function of the controller 130 is to provide control over at least a part of the communication within the network system 100. Such control can include addressing, encrypting, sending, receiving, and otherwise routing traffic in the network system 100. In one embodiment, the controller 130 also acts as a decision maker for and within the network system 100.

In at least one embodiment, device 110 a in the system is a source, and the end-point 120 a receives data from the source device 110 a and prepares it for secure transmission to intended recipient device 110 b. In at least one embodiment, the devices 110 a and 110 b may include both source and recipient devices.

A mission profile 131, within the controller 130, provides details on an intended configuration of the network system 100 for a given mission or application. For instance, end-point 120 a has a unique hardware identifier 121 a with which it is associated. The unique hardware identifier 121 a identifies the end-point 120 a to the controller 130. In at least one embodiment, the mission profile 131 contains the unique hardware identifiers for each end-point that is allowed to communicate on the network. Additionally, the mission profile 131 may also define which end-points are allowed to communicate with each other. Further, in at least one embodiment, each device 110 a and 110 b is associated with a unique hardware identifier. In such an embodiment, the mission profile 131 also references the unique hardware identifiers that are associated with each device 110 a and 110 b. In a further embodiment, the mission profile also associates specific end-points with specific devices, such that only an end-point with a particular unique hardware identifier is allowed to communicate with a device that has another specific unique hardware identifier.

As such, based on whether a unique hardware identifier 121 b is referenced within the mission profile 131, the controller 130 determines if the end-point 120 b is allowed to connect to the network system 100. In at least one embodiment, the controller 130 filters communication packets, network traffic, or network messages such that packets, traffic, or messages are only delivered to the correct end-point. In an alternative or additional embodiment, the end-points 120 a, 120 b, and 120 c also or alternatively perform the filtering by ignoring communication packets, network traffic, or network messages that are not addressed to them specifically. Accordingly, the devices 110 a and 110 b and controller 130 are physically separated from each other by at least one of the end-points 120 a, 120 b, and 120 c. One skilled in the art will appreciate the security benefits of such a set-up. For example, if a malicious device is connected to the network through end-point 120 a, the end-point will physically prevent the malicious device from accessing communications addressed to any other device. Additionally, based upon the mission profile 131, the end-point 120 a and/or the controller 130 may also identify that the malicious device is not allowed on the network. The end-point 120 a and/or the controller 130 can then notify an administrator of the intrusion and further segregate the malicious device from the network.

In some embodiments, the mission profile 131 includes encryption keys for encrypting network traffic. The encryption keys are matched to the allowed end-points that have hardware identifiers in the mission profile 131. Each allowed end-point has a security decryption key matching one of the encryption keys. In this way, using the information in the mission profile 131, each end-point 120(a-c) can encrypt network traffic such that it can only be decrypted by the intended destination end-point. Network traffic received by other end-points or malicious devices attempting to connect to the network system will remain securely encoded, as each security decryption key is unique to each end-point.

In some embodiments, network traffic is communication packets or network messages containing data, instructions, or other electronic information intended for the device to which the network traffic is addressed.

For example, end-point 120 a has a first security decryption key and end-point 120 b has a second security decryption key. Both end-point 120 a and 120 b are allowed end-points with hardware identifiers 121 a and 121 b included in the mission profile 131. Because of this, a first and second encryption key, matching the first and second security decryption keys, respectively, are included in the mission profile. When network traffic needs to be sent to, for example, device 110 a connected to end-point 120 a, the controller 130 will provide the first encryption key in the mission profile to end-point 120 b, which will encrypt the network traffic. After passing through the network, the network traffic will arrive at both end-points 120 a and 120 c. Even if both end-points 120 a and 120 c attempt to decrypt the network traffic, the actual data will only be decryptable by end-point 120 a. In particular, end-point 120 c, having another security decryption key, will not be able to decrypt the traffic. End-point 120 a will be able to decrypt the network traffic, having the correct first security decryption key. After decrypting, end-point 120 a will be able to pass the message on to connected device 110 a. Further, any other devices, including the controller 130, connected to the network will not be able to decrypt the network traffic, as they also lack the first security decryption key. This security encryption scheme allows the end-points 120 a and 120 b to provide a software barrier to network traffic and ensure that decrypted data only reaches the devices for which it is intended.

In another embodiment, the network system 100 uses both filtering and encryption to secure transmission of network traffic. For example, end-point 120 a has a first security decryption key and end-point 120 b has a second security decryption key. Both end-point 120 a and 120 b are allowed end-points with hardware identifiers 121 a and 121 b included in the mission profile 131. Because of this, a first and second encryption key, matching the first and second security decryption keys, respectively, are included in the mission profile.

Further, end-points 120 a and 120 b both have a filter configured to drop or otherwise block traffic with an improper authorization code. After the controller 130 identifies that end-points 120 a and 120 b have hardware identifiers in the mission profile, they are able to join the network. End-point 120 a identifies the device 110 a connected to end-point 120 a and provides this information to the controller 130. End-point 120 b does the same for the device 110 b connected to end-point 120 b. After receiving this information, the controller 130 consults the mission profile 131 for a security level clearance for each device 110 a and 110 b. Based on the security clearance level, the controller 130 assigns and conveys an authorization code to each end-point. As used herein, an authorization code comprises any means to communicate data and have it received by and/or readable by predetermined end-points 120(a, b). For example, the authorization code may comprise a network addressing scheme, a hash that is specific to an end-point hardware ID, a pseudo-random number sequence, or any other similar means. Further, as used herein, “addresses” and “addressing” are used in a broad sense such that these terms include any use of authorization codes. As such, a network “address” may refer to an end-point comprising a particular authorization code. Similarly, addressing a network communication may comprise communicating in such a way that the network communication is received and/or readable by a particular end-point that has a particular authorization code. The authorization code corresponds to the filter in each end-point such that the filter will reject network traffic not addressed to that specific end-point.

When network traffic needs to be sent to, for example, device 110 a connected to end-point 120 a, the transmitting end-point, for example end-point 120 b, will use the appropriate encryption key in the mission profile and encrypt the network traffic. In such an embodiment, the mission profile is accessible to end-point 120 b through communication with the controller 130 or, alternatively, end-point 120 b may directly retrieve the appropriate encryption key from end-point 120 a.

The controller 130 or the respective end-point 120 b will then address the network traffic to end-point 120 a and device 110 a. After passing through the network, the network traffic will arrive at both end-points 120 a and 120 b. The filter for end-point 120 a will pass the network traffic, as it has a proper authorization code. The filter in end-point 120 b, however, will reject and block the network traffic.

End-point 120 a will decrypt the network traffic, having the correct first security decryption key. After decrypting, end-point 120 a will be able to pass the message on to connected device 110 a. Any other devices connected to the network will not be able to decrypt the network traffic, as they also lack the first security decryption key. Any other end-points connected to the network will not allow the network traffic through the filtering process. This combined security scheme allows the end-points 120 a and 120 b to provide a physical and software barrier to ensure that no device 110 a or 110 b sees network traffic for which it lacks security clearance. In some embodiments, the combined security scheme using filtering and encryption/decryption is configured to ensure need-to-know transmission.
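The encryption-only example and the combined filtering-plus-encryption embodiment above can be exercised together in a small simulation. The following Go program is an added example, not code from the patent: it assumes RSA-OAEP for the matched encryption/decryption key pairs, a random 16-byte authorization code per end-point, and a mission profile keyed by the hardware identifiers 121 a, 121 b and 121 c, none of which the patent specifies. End-point 120 b sends device data to 120 a; 120 c sees the same packet and is stopped first by its filter and, if the filter were bypassed, by the encryption.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

var (
	ErrNotInProfile   = errors.New("controller: hardware identifier not in mission profile")
	ErrPeerNotAllowed = errors.New("controller: peer not allowed by mission profile")
	ErrFiltered       = errors.New("filter: authorization code is not this end-point's")
	ErrUndecryptable  = errors.New("decrypt: traffic was not encrypted to this end-point")
)

// ProfileEntry is the mission profile's record for one allowed end-point, keyed by
// its unique hardware identifier (a layout assumed here, not one the patent gives).
type ProfileEntry struct {
	EncKey   *rsa.PublicKey  // matched to the decryption key the end-point holds privately
	AuthCode []byte          // the code that end-point's filter accepts
	Peers    map[string]bool // hardware identifiers it may communicate with
}

type Controller struct{ Profile map[string]ProfileEntry }
type Grant struct{ PeerID string; EncKey *rsa.PublicKey; AuthCode []byte } // issued per permitted peer

// Register admits an end-point only if its hardware identifier is in the mission
// profile, then returns the permitted peer's encryption key and authorization code.
func (c *Controller) Register(hwid, peer string) (Grant, error) {
	me, ok := c.Profile[hwid]
	if !ok {
		return Grant{}, ErrNotInProfile
	}
	if p, ok := c.Profile[peer]; ok && me.Peers[peer] {
		return Grant{PeerID: peer, EncKey: p.EncKey, AuthCode: p.AuthCode}, nil
	}
	return Grant{}, ErrPeerNotAllowed
}

type Packet struct{ AuthCode, Ciphertext []byte }                           // as seen by every end-point on the medium
type EndPoint struct{ HWID string; decKey *rsa.PrivateKey; authCode []byte } // decKey never leaves the end-point

func NewEndPoint(hwid string) *EndPoint {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	code := make([]byte, 16)
	rand.Read(code) // crypto/rand.Read does not fail on supported platforms
	return &EndPoint{HWID: hwid, decKey: priv, authCode: code}
}

// Send encrypts device data under the granted key; the peer's hardware
// identifier is the OAEP label, binding the ciphertext to that destination.
func (e *EndPoint) Send(g Grant, deviceData []byte) (Packet, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, g.EncKey, deviceData, []byte(g.PeerID))
	return Packet{AuthCode: g.AuthCode, Ciphertext: ct}, err
}

// Receive filters first (traffic not addressed here is dropped before any
// decryption is attempted), then decrypts with the privately held key.
func (e *EndPoint) Receive(p Packet) ([]byte, error) {
	if !bytes.Equal(p.AuthCode, e.authCode) {
		return nil, ErrFiltered
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, e.decKey, p.Ciphertext, []byte(e.HWID))
	if err != nil {
		return nil, ErrUndecryptable
	}
	return pt, nil
}

// Scenario plays FIG. 1: end-point 120 b sends device 110 b's data to device
// 110 a through 120 a, while 120 c (the controller's end-point) sees the same packet.
func Scenario() (delivered []byte, atC, forgedAtC, rogue error) {
	a, b, c := NewEndPoint("121a"), NewEndPoint("121b"), NewEndPoint("121c")
	ctrl := &Controller{Profile: map[string]ProfileEntry{ // 121 a and 121 b may talk; 121 c may not
		"121a": {&a.decKey.PublicKey, a.authCode, map[string]bool{"121b": true}},
		"121b": {&b.decKey.PublicKey, b.authCode, map[string]bool{"121a": true}},
		"121c": {&c.decKey.PublicKey, c.authCode, nil}}}
	_, rogue = ctrl.Register("not-in-profile", "121a") // unknown hardware: refused
	g, _ := ctrl.Register("121b", "121a")
	pkt, _ := b.Send(g, []byte("constructed sensor reading: 21.3 C"))
	delivered, _ = a.Receive(pkt)
	_, atC = c.Receive(pkt)                                      // dropped by 120 c's filter
	_, forgedAtC = c.Receive(Packet{c.authCode, pkt.Ciphertext}) // filter bypassed, still opaque
	return
}

func main() {
	d, atC, forged, rogue := Scenario()
	fmt.Printf("110 a got %q; 120 c: %v / %v; rogue: %v\n", d, atC, forged, rogue)
}
```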

As described, in at least one embodiment, each end-point 120 a, 120 b, and 120 c provides a physical and software security barrier between the devices 110 a and 110 b and the controller 130. This barrier ensures that any device 110 a and 110 b connected to the network system 100 may only receive network traffic addressed to the device 110 a and 110 b and for which the device 110 a and 110 b has a security clearance level, as defined in the mission profile 131. This physical and software security barrier provides need-to-know assurance within the network system. In at least one embodiment, this barrier provides that no transmission may be received by or enter into any device 110 a and 110 b for which it is not intended. To this end, each end-point 120 a and 120 b is a separate device connected directly to each device 110 a and 110 b.

In an additional or alternative embodiment, the end-points 120 a, 120 b, and 120 c provide translation between the devices 110 a and 110 b connected to the end-points 120 a and 120 b. For example, device 110 a is an older device running old or obsolete software, sometimes called a legacy device. Often, due to the design parameters of devices such as legacy device 110 a, updating the software for legacy device 110 a is difficult, costly, or otherwise not possible. In some embodiments, the cost or difficulty of updating legacy device 110 a requires that it only be updated periodically, sometimes after several years. As such, legacy device 110 a cannot communicate with the network system 100, as the controller 130 is configured to run the network on a different version of software.

End-point 120 a is configured to identify legacy devices such as legacy device 110 a. When end-point 120 a detects that legacy device 110 a is connected, it identifies legacy device 110 a. End-point 120 a is further configured to communicate in a default software language and communication protocol for the network. The default software language and communication protocol may be updatable by the controller 130 in the event that its software is out of date. After identifying legacy device 110 a, end-point 120 a passes this information to the controller 130. The controller 130, in turn, provides end-point 120 a with a translator profile that end-point 120 a can use to convert the old or obsolete software language of legacy device 110 a into network traffic using the default software language and communication protocol of the network. One will appreciate that when communicating with legacy devices, either the first end-point that is directly connected to the legacy device may perform the translation or the second end-point that is receiving data from the legacy device can perform the translation. In any case, however, communicating across the network itself may be performed using the default software language and communication protocol of the network. This has the advantage of allowing the network system 100 to make use of devices, including legacy devices, that may not communicate in the same software language as the network.
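The patent does not say what a translator profile contains. As an added illustration, not the patent's own design, the following Go program treats it as a table the controller sends end-point 120 a describing the fixed-width record a hypothetical legacy sensor emits on its serial port, and converts that record into a JSON message standing in for the network's default software language. The record layout, field names and sample record are all constructed for the example; malformed records are refused rather than forwarded.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
)

// Field maps one fixed-width field of the legacy record to a name in the
// network's default message (layout assumed here, not given by the patent).
type Field struct {
	Name    string  // key in the default-format (JSON) message
	Start   int     // byte offset within the legacy record
	Length  int     // field width in bytes
	Divisor float64 // 0 = text field; otherwise value = integer field / Divisor
}

// TranslatorProfile is what the controller hands end-point 120 a for legacy device 110 a.
type TranslatorProfile struct {
	RecordLen int
	Fields    []Field
}

// Translate converts one legacy record into the network's default message,
// rejecting malformed records so a bad device record never reaches the network.
func Translate(p TranslatorProfile, legacy []byte) (map[string]any, error) {
	if len(legacy) != p.RecordLen {
		return nil, fmt.Errorf("record is %d bytes, profile expects %d", len(legacy), p.RecordLen)
	}
	msg := make(map[string]any, len(p.Fields))
	for _, f := range p.Fields {
		if f.Start < 0 || f.Length < 0 || f.Start+f.Length > p.RecordLen {
			return nil, fmt.Errorf("field %s lies outside the record", f.Name)
		}
		raw := strings.TrimSpace(string(legacy[f.Start : f.Start+f.Length]))
		if f.Divisor == 0 {
			msg[f.Name] = raw
			continue
		}
		n, err := strconv.Atoi(raw)
		if err != nil {
			return nil, fmt.Errorf("field %s: %w", f.Name, err)
		}
		msg[f.Name] = float64(n) / f.Divisor
	}
	return msg, nil
}

// SensorProfile is a constructed profile for a hypothetical legacy sensor whose
// 14-byte record is: 4-char tag, signed temperature in tenths of a degree, humidity %.
var SensorProfile = TranslatorProfile{RecordLen: 14, Fields: []Field{
	{Name: "device", Start: 0, Length: 4},
	{Name: "temperature_c", Start: 4, Length: 5, Divisor: 10},
	{Name: "humidity_pct", Start: 9, Length: 5, Divisor: 1},
}}

func main() {
	msg, err := Translate(SensorProfile, []byte("S042+0213  045")) // constructed legacy record
	if err != nil {
		fmt.Println("translation refused:", err)
		return
	}
	js, _ := json.Marshal(msg) // the network's default format in this example
	fmt.Println(string(js))
}
```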

In yet another embodiment, where the end-points 120 a and 120 b provide security and filtering, as described above, the end-points 120 a and 120 b also provide the software translation as described above. In this way, a single piece of hardware, the end-point, can advantageously combine security protection, both through addressing and encryption/decryption, with software translation for devices that may lack all of these features. Those skilled in the art will appreciate that changing system requirements often requires redesign of many system components, including requalification. The end-points in concert with the controller, when designed and qualified for a given set of system requirements, can allow any desired hardware to be connected and used in the network without requalification. Further, in system embodiments where software updates occur frequently, the controller and end-points can quickly and efficiently provide an interface that is adaptable to the connected devices, regardless of the connected devices' current software state or any barriers to that software.

In embodiments where controller 130 is considered a device 110 a or 110 b, the end-point 120 a, 120 b, or 120 c may be a separate piece of hardware. In at least one embodiment, this is helpful in preventing transmissions within the network system 100 not intended for the controller 130 from entering into the controller 130. In some embodiments, this provides the physical and software security barrier between a plurality of controllers 130, allowing the plurality of controllers 130 to operate under a plurality of mission profiles 131 within the same network system 100. In contrast, in embodiments where the controller 130 is not treated as a device 110 a or 110 b, the end-point 120 c may be either a separate piece of hardware or hardware integral to the controller 130. The barrier requirement of the network system 100 is still met because the controller 130 in such embodiments has visibility to and provides control over all the network traffic and devices 110 a and 110 b. Additionally, in at least one embodiment, the end-point 120 c at the controller 130 is virtualized in software to provide the same functionality as a hardware end-point 120 c.

In at least one embodiment, the network system 100 is adapted and configured to provide multi-level security (MLS). In at least one embodiment, this is accomplished at least in part by the controller 130 providing overall network security control for the network system and the end-points 120 a and 120 b providing local network security control at each device 110 a and 110 b under the umbrella of the controller 130 and end-point 120 c.

For example, in at least one embodiment, within the network system 100, the controller 130 uses the mission profile 131 to determine which end-points 120 a and 120 b may connect to the network system 100. The controller 130 helps ensure that no other end-points or devices may connect to the network, securing the network traffic from connections not supported in the mission profile 131. The end-points 120 a and 120 b identify devices 110 a and 110 b connected to the end-points 120 a and 120 b, respectively, and communicate this information to the controller 130. The controller 130 then assigns security clearance levels to each device 110 a and 110 b and corresponding end-points 120 a and 120 b and routes network traffic accordingly using addressing, encryption, or other secure means.

Accordingly, locally at each device 110 a and 110 b, the end-points 120 a and 120 b provide a physical security barrier to network traffic by filtering out network traffic not intended for the connected devices 110 a and 110 b. Further, the end-points 120 a and 120 b provide a software security barrier by decrypting and encrypting network traffic so that only the respectively connected device 110 a or 110 b may read it. Only network traffic with the proper encryption may be decrypted by the end-point 120 a or 120 b. The combination of the controller 130 operating security within the entire network system 100 and the end-points 120 a, 120 b, and 120 c provides security for the network system 100 at multiple levels as required in an MLS scheme. Those skilled in the art will appreciate that this network system has the advantage of allowing an MLS system to be implemented using devices 110 a and 110 b that may individually lack a configuration capable of supporting MLS, but which can still be integrated into an MLS system through the features added by the controller 130 and the end-points 120 a, 120 b, and 120 c.

In at least one embodiment, the network system 100 is adapted to provide open mission systems (OMS) support. This standard requires that the network system 100 provide services such that any device 110 a or 110 b may connect to the network system 100 regardless of whether or not the device 110 a or 110 b is configured to communicate with the network system 100. In some embodiments, this lack of ability to communicate may be the result of different hardware or software interfaces, different operating systems, different message or network traffic formatting, or other communication barriers.

In some embodiments, the network system 100 provides OMS support through the end-points 120 a, 120 b, and 120 c, which provide translation and adaptation for any differences in hardware interfaces, software interfaces, operating systems, message formatting, network traffic formatting, or other communication barriers. For example, the end-points 120 a, 120 b, and 120 c may comprise a variety of different communication ports that support different protocols. In at least one embodiment, an end-point 120 a, 120 b, or 120 c communicates to the controller 130 through an Ethernet port. However, the end-point 120 a, 120 b, or 120 c also comprises device-facing ports such as a serial port, a SPI port, a USB port, a coaxial port, a second Ethernet port, or any other number of types of ports desired. In at least one embodiment, the end-point 120 a or 120 b communicates to the controller 130 through the Ethernet port and also communicates to the desired device 110 a or 110 b through any of the ports selected from the device-facing ports.

For example, in at least one embodiment, the network system 100 is configured to communicate over Ethernet, such that the controller 130 and end-points 120 a, 120 b, and 120 c connect to one another using Ethernet. However, one or more devices 110 a, 110 b may communicate using different means. For example, a first device 110 a may use a serial port for communication. A second device 110 b may use Ethernet communication, but communicates using an older version of the Ethernet protocol. For the first device 110 a, the end-point 120 a provides an Ethernet-to-serial hardware conversion, allowing the first device 110 a to physically connect to the network system 100. The second device 110 b connects to an Ethernet output of the end-point 120 b and is able to physically connect to the network system 100. The end-point 120 a connected to the first device 110 a identifies the first device 110 a to the network system 100 and the controller 130. The controller 130 identifies if software translation is required to convert network traffic from the Ethernet protocol to the serial protocol being used by the first device 110 a. If the end-point 120 a is capable of performing the software translation, it does so. If not, the controller 130 provides the end-point 120 a with a translator profile that will allow the end-point 120 a to translate the network traffic to the protocol of the first device 110 a. For the second device 110 b, the end-point 120 b connected to the second device 110 b will identify the second device 110 b to the network system 100 and the controller 130. The controller 130 will then provide the end-point 120 b with a translator profile for converting network traffic between the two Ethernet protocols.

Once the controller 130 has provided the end-points 120 a and 120 b with the translator profiles, the end-points 120 a and 120 b facilitate communication between the first and second devices 110 a and 110 b and the network system 100. The hardware and software translation provided by the end-points 120 a and 120 b and controller 130 allow the network system 100 to be open to connections from devices 110 a and 110 b with a variety of different hardware and software communication schemes, thus supporting an OMS architecture.

In at least one embodiment, each of the first and second devices 110 a and 110 b may be connected to a first and second end-point 120 a and 120 b, respectively. Each of the first and second end-points 120 a and 120 b handles the translation for the specific device 110 a or 110 b connected to it. In another embodiment, both the first and second devices are connected to a single end-point which handles translation for both the first and second devices.

In at least one embodiment, the network system 100 is configured for MLS support and not OMS support. In another embodiment, the network system 100 is configured for OMS support and not MLS support. In yet another embodiment, the network system 100 is configured for both MLS and OMS support. In such embodiments, the controller 130 and end-points 120 a, 120 b, and 120 c are configured to provide the functionality necessary for both MLS and OMS.

Referring now to FIG. 2, an end-point 120 is illustrated. The end-point 120 is configured to be connected to and pass network traffic between one or more devices 110 a and 110 b and the controller 130. In at least one embodiment, the end-point 120 comprises hardware ports 210 a and 210 b, physical hardware adaptors 211 a and 211 b, a hardware identifier 121 unique to each end-point 120, a filter 221, processors 230, and computer-readable media 231. In at least one embodiment, the end-point 120 further comprises a security decryption key 220 unique to each end-point 120.

In at least one embodiment, the hardware ports 210 a and 210 b allow for connection to a network system 100, including the controller 130. In at least one embodiment, the hardware ports 210 a and 210 b are Ethernet ports and the connection to the network system 100 is made through an Ethernet cable. In embodiments where the end-point 120 c is virtualized, the hardware ports 210 a and 210 b are external connections on the controller 130 configured for connecting other end-points 120 a and 120 b to the controller 130. In at least one embodiment, these external connections are Ethernet ports.

In at least one embodiment, the physical hardware adaptors 211 a and 211 b allow for connection to devices 110 a and 110 b. In some embodiments, the physical hardware adaptors 211 a and 211 b are Ethernet, general-purpose input/output (GPIO), 10/100/1000 Base-T, serial peripheral interface (SPI), RS-232, RS-422, RS-485, 1553, serial, high voltage, 28-volt, discrete, or other connectors found on the devices 110 a and 110 b. As an example of the configuration of the hardware ports 210 a and 210 b and physical hardware adaptors 211 a and 211 b, in at least one embodiment, the end-point 120 has one or more Ethernet ports configured for connecting to the controller 130. The end-point 120 may also have one or more of each of the example physical hardware adaptors configured for connecting to devices 110 a and 110 b. This allows the end-point 120 to connect to a variety of devices 110 a and 110 b.

In embodiments where the end-point 120 c is virtualized in the controller 130, the physical hardware adaptors 211 a and 211 b are connections existing within the controller with or without connectors or virtualized connections in software in the controller 130.

In at least one embodiment, the end-point 120 connects to a single device (e.g. 110 a) and provides a single point of access to the network for that device 110 a. In contrast, in at least one embodiment, the end-point 120 connects to a plurality of devices and provides a single point of access to the network system 100 for the plurality of devices. In such embodiments, the mission profile 131 allows for a single authorization code and security clearance level for the plurality of devices. In at least one embodiment, the end-point 120 distributes the network traffic to the plurality of devices connected to the end-point 120. The end-point identifies which of the plurality of devices connected to the end-point 120 are intended as recipients of the network traffic and only transmits the network traffic to those devices.

In at least one embodiment, the hardware identifier 121 identifies each end-point 120 a, 120 b, and 120 c to the controller 130. For example, in at least one embodiment, end-point 120 a has a hardware identifier 121 a. When the controller 130 detects that the end-point 120 a is attempting to connect to the network system 100, the controller 130 uses standard techniques known to those skilled in the art to request the hardware identifier 121 a from end-point 120 a. The controller 130 checks if the received hardware identifier 121 a is contained in the mission profile 131. If it is, the controller 130 allows the end-point 120 a to join the network system 100. If not, the controller 130 does not allow the end-point 120 a to join the network system 100.

As another example, in at least one embodiment, the end-point 120 a has a hardware identifier 121 a. When the controller 130 detects that the end-point 120 a is attempting to connect to the network system 100, controller 130 sends end-point 120 a a hash code. This hash code is based on the hardware identifiers included in the mission profile 131. Upon receiving the hash code, end-point 120 a performs operations on the hash code based on the end-point 120 a's unique hardware identifier 121 a. These operations result in an output hash code, which end-point 120 a then sends to controller 130. Controller 130 compares the output hash code against an expected hash code based on the hardware identifiers contained in the mission profile 131. If the hardware identifier 121 a is in the mission profile 131, the controller 130 will find a match and allow end-point 120 a to join the network system 100. If not, the controller 130 will not allow the end-point 120 a to join the network system 100.

In at least one embodiment, the filter 221 in each end-point 120 is configured to filter network traffic sent in the network system 100. The filter 221 drops or otherwise blocks network traffic not properly addressed to the devices 110 a or 110 b attached to the end-point 120 and passes network traffic properly addressed to the devices 110 a or 110 b attached to the end-point 120.

The processors 230 and computer-readable media 231 are configured to allow the end-point 120 to perform its various functions. In at least one embodiment, the processors 230 and computer-readable media 231 allow the end-point 120 to identify a device profile of the devices 110 a or 110 b connected to the end-point 120. As used herein, a device profile comprises identifications associated with at least a portion of the devices that are connected directly to the end-point 120. For example, the identification may comprise a communication protocol used by each device, a device name, a device type, a version of software on the device, a type of software on the device, and/or other similar identifiers. In another embodiment, the processors 230 and computer-readable media 231 allow the end-point 120 to decrypt network traffic passed by the filter 221 using the security decryption key 220. In yet another embodiment, the processors 230 and computer-readable media 231 allow the end-point 120 to, based upon the device profile, provide software translation between the other end-points and the devices 110 a and 110 b connected to the end-point 120. Further, in at least one embodiment, the computer-readable media 231 is used to store one or more authorization codes.

As explained above, in some embodiments of the network system 100, some devices 110 a and 110 b will communicate using message formats and protocols that are incompatible with the network system 100 or the controller 130. The end-point 120 is configured to, after identifying the device profile of the devices 110 a or 110 b connected to the end-point 120, send the device profile to the controller 130, and receive a translation profile from the controller 130 for providing the software translation between the controller 130 and the devices 110 a and 110 b connected to the end-point 120.

In some embodiments, the network traffic in the network system 100 is in a protocol or message format that the device 110 a or 110 b cannot understand. In such embodiments, after using the filter 221 to filter out network traffic not intended for the device 110 a or 110 b and using the security decryption key 220 to decrypt the network traffic intended for the device 110 a or 110 b, the end-point 120 translates the network traffic into a software language or format which the device 110 a or 110 b can read.

In some embodiments, the network traffic in the network system 100 uses an authorization code in a form or format not readable by the intended recipient device 110 a or 110 b. In such embodiments, the end-point 120 provides translation between the device 110 a or 110 b and the controller 130 by receiving the network traffic, using the filter 221 to identify network traffic intended for the device 110 a or 110 b, and translating any relevant or necessary addressing to a form that the device 110 a or 110 b can read.

In at least one embodiment, the form or format of the authorization code in the network system 100 is a hash. For example, a hash may be created by the controller 130 from one of the unique hardware identifiers 121 a contained in the mission profile 131. The network traffic intended for the end-point 120 a can then be addressed with this hash. In at least one embodiment, when each end-point 120 a and 120 b receives the network traffic, the filter 221 in each end-point 120 a and 120 b decrypts the hash and compares it to the end-point's hardware identifier 121 a or 121 b. In end-point 120 b, there will be no match and the filter 221 in end-point 120 b will drop or otherwise discard the network traffic. In end-point 120 a, there will be a match and the filter 221 in end-point 120 a will pass the network traffic on for decryption. This approach has the advantage of using a secure identification, the hardware identifier 121, to identify each end-point 120 to the controller 130 and provide a secure addressing scheme. The mission profile 131 provides the controller 130 with the hardware identifier 121 necessary to authenticate an end-point 120 into the network and to address network traffic so that only a specific end-point 120 receives the message.
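The hash-based admission check and the hash-addressed filtering described above, carried through in Go as an added example that is not part of the patent: the controller challenges a connecting end-point with a hash derived from the mission profile's hardware identifiers, the end-point answers with an HMAC over that challenge keyed by its own identifier, the controller admits only a matching response, and each end-point's filter passes only frames whose address tag matches its identifier. The nonce, HMAC-SHA256 as the "operations", the plain SHA-256 address tag and the sample identifiers are all assumptions of this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
)

// MissionProfile stands in for mission profile 131: the list of hardware
// identifiers 340 allowed to join the network (constructed sample values).
type MissionProfile struct {
	HardwareIDs []string
}

// Challenge is the hash code the controller 130 sends to an end-point that is
// attempting to connect. It is derived from the identifiers in the mission
// profile; mixing in a nonce is an added assumption so that each admission
// attempt yields a fresh value and an old response cannot be replayed.
func (mp MissionProfile) Challenge(nonce []byte) []byte {
	ids := append([]string(nil), mp.HardwareIDs...)
	sort.Strings(ids) // order-independent: same profile, same base value
	h := sha256.New()
	for _, id := range ids {
		h.Write([]byte(id))
		h.Write([]byte{0}) // separator so "ab"+"c" and "a"+"bc" differ
	}
	h.Write(nonce)
	return h.Sum(nil)
}

// Respond is the end-point side: it folds its own hardware identifier 121 into
// the challenge and returns the output hash code. HMAC-SHA256 is the chosen
// "operation" here; the page leaves the exact operation open.
func Respond(hardwareID string, challenge []byte) []byte {
	mac := hmac.New(sha256.New, []byte(hardwareID))
	mac.Write(challenge)
	return mac.Sum(nil)
}

// Admit is the controller side: it computes the expected output hash code for
// every identifier in the mission profile and admits only on a constant-time
// match. It returns the matched identifier and true, or "" and false.
func (mp MissionProfile) Admit(challenge, response []byte) (string, bool) {
	for _, id := range mp.HardwareIDs {
		if hmac.Equal(Respond(id, challenge), response) {
			return id, true
		}
	}
	return "", false
}

// AddressTag is the hash the controller derives from one hardware identifier
// to address traffic to a single end-point. The page has the filter "decrypt"
// the hash; this simplification uses a plain SHA-256 of the identifier.
func AddressTag(hardwareID string) string {
	sum := sha256.Sum256([]byte(hardwareID))
	return hex.EncodeToString(sum[:])
}

// Frame is a constructed unit of network traffic: the address tag plus an
// opaque payload that is still encrypted for the recipient end-point.
type Frame struct {
	Tag     string
	Payload []byte
}

// Filter models filter 221: it passes a frame on for decryption only when the
// tag matches the end-point's own hardware identifier and drops all others.
func Filter(myHardwareID string, f Frame) ([]byte, bool) {
	if hmac.Equal([]byte(f.Tag), []byte(AddressTag(myHardwareID))) {
		return f.Payload, true
	}
	return nil, false
}

func main() {
	mp := MissionProfile{HardwareIDs: []string{"EP-A-0001", "EP-B-0002"}}
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	ch := mp.Challenge(nonce)
	for _, id := range []string{"EP-A-0001", "EP-Z-9999"} {
		_, ok := mp.Admit(ch, Respond(id, ch))
		fmt.Printf("%s admitted: %v\n", id, ok)
	}
	f := Frame{Tag: AddressTag("EP-A-0001"), Payload: []byte("ciphertext")}
	_, atA := Filter("EP-A-0001", f)
	_, atB := Filter("EP-B-0002", f)
	fmt.Printf("frame for EP-A passes at A: %v, at B: %v\n", atA, atB)
}
```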

In at least one embodiment, the end-point 120 contains translation profiles stored in computer-readable media 231 and uses them to provide translation after detecting the device profiles of the connected devices 110 a or 110 b. In such embodiments, the controller 130 receives the device profiles and determines if the translator profiles in the end-point 120 need to be updated. When needed, the controller 130 then uploads to the end-point 120 the updated versions of the translator profiles.

In at least one embodiment, all translator profiles are stored in a central location available to the controller 130 such that the controller 130 can provide the translator profiles to the end-point device 120 as described above. In at least one embodiment, the central location is in the controller 130. Those skilled in the art will recognize that this has the advantage of allowing the controller 130 to update the translator profiles in this central location at any time, including while offline from the network. Further, it allows the controller 130 to update the translator profiles in the central location without using the bandwidth of the end-point 120. In this way, the end-point 120 can, when necessary, primarily use its resources for communication within the network during missions under a mission profile 131.

In at least one embodiment, the storage of the translator profiles in the central location allows the end-point 120 to not persistently store any translator profiles. In such embodiments, the end-point 120 only retains translator profiles while in use in a mission under a mission profile 131. As such, the end-point 120 is only capable of providing translation for a device 110 a or 110 b when the controller 130 has supplied the end-point 120 with a translator profile. Those skilled in the art will recognize that this allows the end-point to store the translator profile in non-persistent memory, such as volatile memory.

In other embodiments, the end-point 120 will persistently store a translator profile for a device 110 a or 110 b until a new device is attached. For example, end-point 120 a with device 110 a connected is used by a first mission profile and receives a translator profile for device 110 a. Later, when a second mission profile replaces the first mission profile, the end-point 120 a is not included. Later still, a third mission profile is implemented that includes end-point 120 a. Through all these mission profile changes, end-point 120 a has retained the translator profile in persistent memory, such as non-volatile memory. When end-point 120 a joins the network under the third mission profile, if device 110 a is still connected, end-point 120 a will be ready to provide translation immediately after verifying the translator profile with the controller 130. Alternatively, if other devices have been connected, controller 130 will replace the retained translator profile with the appropriate ones. This is advantageous in systems where end-point 120 is connected to the same devices regardless of the mission profile 131. In such systems, network startup overhead is reduced.

In some embodiments, an end-point 120 is configured to power down when connected to a device 110 a or 110 b that is not explicitly allowed in the mission profile 131. Additionally, in some embodiments, the end-points 120 a, 120 b, and 120 c are configured to only provide power to the physical hardware adaptors 211 a and 211 b that are connected to the devices 110 a and 110 b allowed within the mission profile.

Referring now to FIG. 3, the controller 130 is illustrated. In at least one embodiment, the controller 130 comprises processors 310, memory 320, a mission profile 131 stored in the memory 320, and hardware ports 330. The controller 130 is configured to provide dynamic network services for the devices 110 a and 110 b and the end-points 120 a and 120 b. In at least one embodiment, the mission profile 131 comprises a list of hardware identifiers 340, a set of encryption keys 342, and a description of security levels 344.

In at least one embodiment, the list of hardware identifiers 340 lists the hardware identifier 121 for each end-point 120 that is allowed to connect to the network system 100.

In at least one embodiment, the set of encryption keys 342 includes security encryption keys that correspond to the security decryption key 220 for each end-point 120 that is included in the list of hardware identifiers 340. In at least one embodiment, the description of security levels 344 provides definitions of the security levels for each device 110 a and 110 b that is connected to the network system 100. The description of security levels 344 may comprise a list of specific devices. The devices may be specified by type, a unique identification number, or any other defining characteristic that may be determined by the end-point 120 when identifying the device profile.

In at least one embodiment, the computer-readable media 320 has instructions stored thereon that are executable by the processors 310 to allow the controller 130 to identify each end-point 120 connected to the network system 100. In some embodiments, the instructions are further executable by the processors 310 to assign an authorization code and convey that authorization code to an end-point 120 when the end-point 120 is connected to the network and has a hardware identifier 121 that is included in the mission profile 131.

In at least one embodiment, the controller 130 is configured to not assign and convey authentication codes to end-points 120 without hardware identifiers 121 in the list of hardware identifiers 340 in the mission profile 131. No network traffic will be addressed to such end-points 120, ensuring that the filter 221 in those end-points 120 will drop or otherwise block all network traffic that those end-points 120 receive. Further, no network traffic will be encoded in a security encryption key from the set of security encryption keys 342 that can be decrypted using the security decryption key 220 in those end-points 120.

In at least one embodiment, the addressing of the end-point devices 120 is end-point specific. In at least one embodiment, where network traffic is to be routed to a plurality of end-points, the same network traffic is encrypted and addressed separately for each specific end-point device 120.

In some embodiments, the controller 130 is configured to dynamically monitor the network system 100. Dynamic monitoring comprises monitoring the network for new connections from end-points 120. In some embodiments, dynamic monitoring further comprises updating the translation profiles in the end-points 120 a or 120 b when the devices 110 a or 110 b connected to the end-points 120 a or 120 b change. In yet further embodiments, dynamic monitoring comprises updating the authorization code assigned to the end-point 120 when the network connection made by the end-point 120 changes status. In still further embodiments, dynamic monitoring comprises updating the authorization code assigned to the end-point 120 when the mission profile 131 changes. In further embodiments, dynamic monitoring comprises monitoring, controlling, and updating network settings based on changes in the hardware connections within the network system 100.

FIG. 4 depicts a flow chart of steps within an embodiment of a method 400 for managing secure network communications. In particular, FIG. 4 depicts a flow chart of various acts performed when translating data within the network system 100. As used within FIG. 4, the indicator “EP1” indicates acts performed by or to a first end-point, the indicator “EP2” indicates acts performed by or to a second end-point, and the indicator “Controller” indicates acts performed by or to a controller.

For example, in step 410, the first end-point 120 a communicates a hardware identifier 121 (shown in FIG. 2) and a device profile to the controller 130 (shown in Figure) over the network 100. In step 420, the controller 130 receives the hardware identifier 121 and the device profile. In act 430, the controller 130 then determines that the hardware identifier 121 is present within a mission profile 131 (shown in FIG. 3).

Upon verifying that the hardware identifier 121 is present within the mission profile 131, various different embodiments may be used to provide translation services within the network system 100. For example, in step 440, the controller 130 may communicate a first encryption key and translation profile to the first end-point 120 a. In step 442, the first end-point 120 a receives the first encryption key and the translation profile from the controller 130. In step 444, the first end-point 120 a then receives device data from a first device 110 a (shown in FIG. 1). Using the translation profile, the first end-point 120 a translates the device data into the default software language and network protocol used by the network system 100. The first end-point 120 a also encrypts the data using the first encryption key. In step 446, the first end-point 120 a then communicates the encrypted and translated device data to a second end-point 120 b. The second end-point 120 b is able to decrypt the data using a private encryption key.

In contrast, in at least one embodiment, it may be necessary to translate data at both the first end-point 120 a and the second end-point 120 b. For example, a first device 110 a connected to the first end-point 120 a may require translation. That received data may then be sent to a second device 110 b (shown in FIG. 1) attached to a second end-point 120 b that also requires translation services. For instance, in step 450, the controller 130 may communicate a first encryption key and a first translation profile to the first end-point 120 a. In step 451, the controller 130 may communicate a second translation profile to the second end-point 120 b. In step 452, the first end-point 120 a receives the first encryption key and the first translation profile from the controller 130. In step 453, the second end-point 120 b also receives the second translation profile from the controller 130. In step 454, the first end-point 120 a then receives device data from a first device 110 a. Using the first translation profile, the first end-point 120 a translates the device data into the default software language and network protocol used by the network system 100. The first end-point 120 a also encrypts the data using the first encryption key. The first end-point 120 a then communicates the encrypted and translated device data to a second end-point 120 b. In step 455, the second end-point 120 b receives the encrypted and translated device data from the first end-point 120 a. The second end-point 120 b then decrypts the data using a private encryption key. The second end-point 120 b translates the device data again using the second translation profile. The second end-point 120 b then provides the twice-translated device data to the second device 110 b that is connected to the second end-point 120 b. As such, device data can be communicated between two different devices that both use legacy, or non-default, communication software and network protocols.

In yet another embodiment, device data may be communicated from a device that does communicate using the default network software language and network protocol to a legacy device connected to another end-point. For example, as indicated by step 460, the controller 130 may communicate an encryption key to the first end-point 120 a. In step 461, the controller 130 may communicate a translation profile to the second end-point 120 b. In step 462, the first end-point 120 a receives the encryption key from the controller 130. In step 463, the second end-point 120 b receives the translation profile from the controller 130. In step 464, the first end-point 120 a then receives device data from a first device 110 a. Because the first device 110 a is already configured to communicate using the default software language and network protocols, the first end-point 120 a does not need to translate the device data. The first end-point 120 a encrypts the device data using the encryption key and communicates the encrypted device data to the second end-point 120 b. In step 465, the second end-point 120 b receives the encrypted device data from the first end-point 120 a. The second end-point 120 b then decrypts the encrypted device data using a private encryption key. The second end-point 120 b also translates the decrypted device data using the second translation profile. The translated device data is then provided to a second device 110 b that is connected to the second end-point 120 b.

One will appreciate that disclosed embodiments can also be described in terms of methods comprising one or more acts for accomplishing a particular result. For example, FIGS. 5-7 and the corresponding text illustrate flowcharts of a sequence of acts of methods for managing secure network communications. The acts of FIGS. 5-7 are described below with reference to the components and modules illustrated in FIGS. 1-4.

For instance, FIG. 5 illustrates that a method 500 for managing secure network communications comprises an act 510 of receiving a hardware identifier. Act 510 comprises receiving, at a controller, a unique hardware identifier from a first end-point that is in communication with a network. For example, as depicted and described with respect to FIG. 1 and FIG. 2, a hardware identifier 121 is associated with an end-point interface 120 (also referred to as an “end-point”). The end-point communicates the hardware identifier to a controller 130.

Additionally, method 500 includes an act 520 of determining that the hardware identifier 121 is present within a mission profile 131. Act 520 comprises determining that the unique hardware identifier 121 is present within a mission profile 131, wherein the mission profile 131 comprises an indication of a second end-point 120 b to which the first end-point 120 a is allowed to communicate. For example, as depicted and described with respect to FIG. 1, FIG. 2, and FIG. 3, the controller 130 comprises a mission profile 131. The mission profile 131 contains the unique hardware identifiers for each end-point that is allowed to communicate on the network. Additionally, the mission profile 131 may also define which end-points 120 are allowed to communicate with each other.

The method 500 also includes an act 530 of communicating a first encryption key. Act 530 comprises communicating to the first end-point 120 a a first encryption key that is uniquely matched to a decryption key privately held by the second end-point 120 b. For example, as depicted and described with respect to FIG. 1, FIG. 2, and FIG. 3, the controller 130 is associated with a computer-readable media 320. That media stores a set of encryption keys. The encryption keys are associated with each end-point 120. A first end-point 120 a is able to request an encryption key for a second end-point 120 b. If the mission profile 131 allows the two end-points 120(a, b) to communicate, the controller 130 communicates the appropriate encryption key to the first end-point 120 a. The communicated encryption key is a sibling of a decryption key that is held by the second end-point 120 b.

An additional embodiment of a method 600 for managing secure network communications is depicted in FIG. 6. The method 600 includes an act 610 of communicating a hardware identifier. Act 610 comprises communicating, to a controller, a unique hardware identifier that is associated with a first end-point. For example, as depicted and described with respect to FIG. 1 and FIG. 2, a hardware identifier 121 is associated with an end-point interface 120 (also referred to as an “end-point”). The end-point communicates the hardware identifier to a controller 130.

Additionally, method 600 includes an act 620 of receiving a first encryption key. Act 620 comprises receiving from the controller 130 a first encryption key that is uniquely matched to a decryption key privately held by a second end-point 120 b. For example, as depicted and described with respect to FIG. 1, FIG. 2, and FIG. 3, the controller 130 is associated with a computer-readable media 320. That media stores a set of encryption keys. The encryption keys are associated with each end-point 120. A first end-point 120 a is able to request an encryption key for a second end-point 120 b. If the mission profile 131 allows the two end-points 120(a, b) to communicate, the controller 130 communicates the appropriate encryption key to the first end-point 120 a. The communicated encryption key is a sibling of a decryption key that is held by the second end-point 120 b.

Method 600 also includes an act 630 of receiving device data from a first device. Act 630 comprises receiving device data from a first device in direct communication with the first end-point. For example, as depicted and described with respect to FIG. 1, each of the end-points 120(a, b) is associated with one or more devices 110(a, b). The devices may comprise data sources such as sensors. In at least one embodiment, the first end-point 120 a receives data, such as sensor data, from a first device 110 a.

Further, method 600 includes an act 640 of communicating the device data. Act 640 comprises communicating the device data to the second end-point 120 b, wherein the device data is encrypted using the first encryption key. For example, as depicted and described with respect to FIG. 1, the first end-point 120 a may desire to communicate the device data to a device that is connected to the second end-point 120 b. Prior to communicating the device data, the first end-point encrypts the data using a first encryption key that is unique to the second end-point 120 b. By encrypting the data using the first encryption key, the first end-point 120 a is able to ensure that no other device is able to decipher the communication en route to the second end-point 120 b.
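Methods 500 and 600 (acts 510 through 640) carried through in Go, as an added example that is not the patent's own implementation: the controller enrols each end-point's hardware identifier together with its encryption key, releases the second end-point's key only to a requester that the mission profile lists and allows to reach it, and the first end-point encrypts device data with that key so only the holder of the matching privately held decryption key can read it. RSA-OAEP as the key type, the explicit allow-list, and the sample identifiers and sensor reading are assumptions of this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// EndPoint holds what an end-point 120 keeps to itself: its hardware identifier
// 121 and its security decryption key 220, modelled here as an RSA private key
// (the page does not fix the key type; this is an assumption).
type EndPoint struct {
	HardwareID string
	decKey     *rsa.PrivateKey
}

// NewEndPoint generates the end-point's key pair; only the public half leaves it.
func NewEndPoint(hardwareID string) (*EndPoint, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &EndPoint{HardwareID: hardwareID, decKey: k}, nil
}

// EncryptionKey is what the controller stores in its set of encryption keys 342:
// the public key uniquely matched to this end-point's private decryption key.
func (ep *EndPoint) EncryptionKey() *rsa.PublicKey { return &ep.decKey.PublicKey }

// Receive is the second end-point's side of act 640: decrypt with the key it
// holds privately. Ciphertext made for any other end-point fails here.
func (ep *EndPoint) Receive(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, ep.decKey, ct, nil)
}

// Controller models controller 130 with its mission profile 131: the enrolled
// hardware identifiers with their encryption keys, and the pairs of end-points
// allowed to communicate (the "indication of a second end-point", represented
// here as an explicit allow-list, which is an assumption).
type Controller struct {
	encKeys map[string]*rsa.PublicKey
	allowed map[[2]string]bool
}

func NewController() *Controller {
	return &Controller{encKeys: map[string]*rsa.PublicKey{}, allowed: map[[2]string]bool{}}
}

// Enroll adds an end-point's hardware identifier and encryption key to the profile.
func (c *Controller) Enroll(hardwareID string, pub *rsa.PublicKey) { c.encKeys[hardwareID] = pub }

// Allow records that traffic from one end-point to another is permitted.
func (c *Controller) Allow(from, to string) { c.allowed[[2]string{from, to}] = true }

// KeyFor is acts 520/530 (act 620 on the requesting side): the controller checks
// that the requester is in the mission profile and allowed to reach the target,
// then hands out the target's encryption key. An unlisted or unauthorised
// requester gets nothing, so it can never produce traffic the target accepts.
func (c *Controller) KeyFor(requester, target string) (*rsa.PublicKey, error) {
	if _, ok := c.encKeys[requester]; !ok {
		return nil, errors.New("requester's hardware identifier is not in the mission profile")
	}
	if !c.allowed[[2]string{requester, target}] {
		return nil, errors.New("mission profile does not allow this pair to communicate")
	}
	pub, ok := c.encKeys[target]
	if !ok {
		return nil, errors.New("target's hardware identifier is not in the mission profile")
	}
	return pub, nil
}

// Send is act 640 on the first end-point: encrypt the device data with the first
// encryption key so that only the matching decryption key can read it.
func Send(firstEncryptionKey *rsa.PublicKey, deviceData []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, firstEncryptionKey, deviceData, nil)
}

func main() {
	epA, _ := NewEndPoint("EP-A-0001")
	epB, _ := NewEndPoint("EP-B-0002")
	c := NewController()
	c.Enroll(epA.HardwareID, epA.EncryptionKey())
	c.Enroll(epB.HardwareID, epB.EncryptionKey())
	c.Allow(epA.HardwareID, epB.HardwareID)
	key, err := c.KeyFor(epA.HardwareID, epB.HardwareID)
	if err != nil {
		panic(err)
	}
	ct, _ := Send(key, []byte("constructed sensor reading: temp=21.5C"))
	pt, err := epB.Receive(ct)
	fmt.Printf("EP-B decrypted %q (err=%v)\n", pt, err)
}
```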

In yet a further embodiment, a method 700 for managing secure communications in a network comprises an act 710 of communicating a hardware identifier and a device profile. Act 710 comprises communicating, to a controller, a unique hardware identifier that is associated with a first end-point and a device profile from the first end-point, wherein the device profile indicates the first device that is in direct communication with the first end-point. For example, as depicted and described with respect to FIG. 1 and FIG. 2, a hardware identifier 121 is associated with an end-point interface 120. Each end-point is also associated with a device profile. The device profile comprises identifications associated with at least a portion of the devices that are connected directly to the end-point 120. For example, the identification may comprise a communication protocol used by each device, a device name, a device type, a version of software on the device, a type of software on the device, and/or other similar identifiers. The end-point communicates the hardware identifier and the device profile to a controller 130.

Additionally, method 700 includes an act 720 of receiving the hardware identifier and the device profile. Act 720 comprises receiving, at a controller, a unique hardware identifier and a device profile from a first end-point that is in communication with a network. For example, as depicted and described with respect to FIG. 1 and FIG. 2, a hardware identifier 121 and a device profile are associated with an end-point interface 120 (also referred to as an “end-point”). The end-point communicates the hardware identifier and a device profile to a controller 130.

Method 700 includes an act 730 of determining that the hardware identifier 121 is present within a mission profile 131. Act 730 comprises determining that the unique hardware identifier 121 is present within a mission profile 131, wherein the mission profile 131 comprises an indication of a second end-point 120 b to which the first end-point 120 a is allowed to communicate. For example, as depicted and described with respect to FIG. 1, FIG. 2, and FIG. 3, the controller 130 comprises a mission profile 131. The mission profile 131 contains the unique hardware identifiers for each end-point that is allowed to communicate on the network. Additionally, the mission profile 131 may also define which end-points 120 are allowed to communicate with each other. The controller 130 may manage the encryption keys such that only end-points that are allowed to communicate with each other have each other's encryption keys.

The method 700 also includes an act 740 of communicating a firstencryption key and a translation profile. Act 740 comprisescommunicating to the first end-point a first encryption key that isuniquely matched to a decryption key privately held by the secondend-point and a first translation profile that comprises instructionsfor communicating over a particular hardware adaptor with the firstdevice. For example, as depicted and described with respect to FIG. 1,FIG. 2, and FIG. 3, the controller 130 is associated with acomputer-readable media 320. That media stores a set of encryption keys.The encryption keys are associated with each end-point 120. A firstend-point 120 a is able to request an encryption key for a secondend-point 120 b. If the mission profile 131 allows the two end-points120(a, b) to communicate, the controller 130 communicates theappropriate encryption key to the first end-point 120 a. Thecommunicated encryption key is a sibling of a decryption key that isheld by the second end-point 120 b. The controller 130 also communicatesa translation profile that allows the first end-point 120 a tocommunicate through the correct protocol, or software language, of theattached device 110 a.

Method 700 additionally includes an act 750 of receiving a firstencryption key. Act 750 comprises receiving from the controller thefirst encryption key and the translation profile. For example, asdepicted and described with respect to FIG. 1, FIG. 2, and FIG. 3, thecontroller 130 is associated with a computer-readable media 320. Thatmedia stores a set of encryption keys and translation profiles. Theencryption keys are associated with each end-point 120. The translationprofiles are associated with various devices 110(a, b). A firstend-point 120 a is able to request an encryption key for a secondend-point 120 b. If the mission profile 131 allows the two end-points120(a, b) to communicate, the controller 130 communicates theappropriate encryption key to the first end-point 120 a. Thecommunicated encryption key is a sibling of a decryption key that isheld by the second end-point 120 b. The first end-point 120 a alsoreceives a translation profile that enables it to communicate withdevice 110 a.

Method 700 also includes an act 760 of receiving device data from afirst device. Act 660 comprises receiving device data from a firstdevice in direct communication with the first end-point. For example, asdepicted and described with respect to FIG. 1, each of the end-points120(a, b) are associated with one or more devices 110(a, b). The devicesmay comprise data sources such as sensors. In at least one embodiment,the first end-point 120 a receives data, such as sensor data, from afirst device 110 a.

Further, method 700 includes an act 770 of translating the device datausing the translation profile. Act 770 comprises generating translateddevice data from the device data using the translation profile, whereinthe translated device data is translated into a default softwarelanguage and network protocol. For example, in at least one embodiment,the network system 100 may communicate in a particular software language(i.e., protocol) that is different that the device 110 a. Further, in atleast one embodiment, the first end-point 120 a may not be configured tocommunicate or understand the device 110 a. In such a case, thetranslation profile, enables to the first end-point 120 a to translatedata received from the device 110 a into a software language that isunderstandable by the network system 100.

Further still, method 700 includes an act 780 of communicating thetranslated device data. Act 780 comprises communicating the translateddevice data to the second end-point, wherein the device data isencrypted using the first encryption key. For example, as depicted anddescribed with respect to FIG. 1, the first end-point 120 a may desireto communicate the translated device data to a device that is connectedto the second end-point 120 b. Prior to communicating the translateddevice data, the first end-point encrypts the data using a firstencryption key that is unique to the second end-point 120 b. Byencrypting the data using the first encryption key, the first end-point120 a is able to ensure that no other device is able to decipher thecommunication in route to the second end-point 120 b.
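The provisioning and data path of method 700 (acts 720 through 780) end to end, as an added example in Go; this is not code from the patent or from any product it describes. It assumes an RSA-OAEP key pair as the "encryption key uniquely matched to a decryption key privately held by the second end-point", a JSON document as the network's default software language, and an HMAC over the hardware identifier as the authorization code of claims 6 through 8 (the patent only says a hash specific to the identifier; keying it with a controller-held secret is this example's choice, so a code cannot be computed from a known identifier). The device protocol name "kv-temp-v1", its "T=<celsius>;U=C" wire format, the end-point names EP-A and EP-B, the device type "temp-sensor", and all function and field names are constructed for the example. The controller refuses a key to an identifier absent from the mission profile or to a pair the profile does not allow, and the receiving end-point drops an envelope that is not addressed to it (claim 16).

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// MissionProfile (131): hardware identifiers admitted to the network and the peers each may send to.
type MissionProfile map[string][]string

type Controller struct {
	Mission  MissionProfile
	PubKeys  map[string]*rsa.PublicKey // encryption key per end-point; the private half never leaves the end-point
	Profiles map[string]string         // device type -> translation profile (a named device protocol)
	Secret   []byte                    // assumed: keyed so a code cannot be derived from a known hardware id
}

type Provisioning struct {
	PeerKey  *rsa.PublicKey
	Profile  string // "kv-temp-v1" ("T=<celsius>;U=C") is an assumed toy device protocol, not from the patent
	PeerCode string // authorization code of the second end-point, used to address it (claims 17-18)
}

// AuthCode is a hash specific to the hardware identifier (claim 7), keyed with the controller secret.
func (c *Controller) AuthCode(hwid string) string {
	m := hmac.New(sha256.New, c.Secret)
	m.Write([]byte(hwid))
	return hex.EncodeToString(m.Sum(nil))
}

// Provision covers acts 720-740: a hwid absent from the mission profile has no peers, so it is refused.
func (c *Controller) Provision(hwid, peer, deviceType string) (Provisioning, error) {
	allowed := false
	for _, p := range c.Mission[hwid] {
		allowed = allowed || p == peer
	}
	pub, haveKey := c.PubKeys[peer]
	prof, haveProf := c.Profiles[deviceType]
	if !allowed || !haveKey || !haveProf {
		return Provisioning{}, fmt.Errorf("refused by mission profile: %s -> %s for %s", hwid, peer, deviceType)
	}
	return Provisioning{pub, prof, c.AuthCode(peer)}, nil
}

// Translate covers act 770: device-native text -> the network's default representation (JSON here).
func Translate(profile, raw string) ([]byte, error) {
	t, unit := 0.0, ""
	if profile != "kv-temp-v1" {
		return nil, fmt.Errorf("unsupported device protocol %q", profile)
	}
	if _, err := fmt.Sscanf(raw, "T=%f;U=%s", &t, &unit); err != nil || unit != "C" {
		return nil, fmt.Errorf("malformed reading %q, expected T=<float>;U=C", raw)
	}
	return json.Marshal(map[string]float64{"temperature_c": t})
}

// Envelope crosses the network: addressed by authorization code, payload under RSA-OAEP.
type Envelope struct {
	To     string
	Cipher []byte
}

// Seal covers act 780. The destination code doubles as the OAEP label, so a re-addressed envelope fails to
// decrypt. RSA-OAEP/SHA-256 under a 2048-bit key carries at most 190 bytes; larger device data needs a hybrid scheme.
func Seal(p Provisioning, plaintext []byte) (Envelope, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, p.PeerKey, plaintext, []byte(p.PeerCode))
	return Envelope{p.PeerCode, ct}, err
}

// Open runs on the receiving end-point: drop anything not addressed to it (claim 16), then decrypt.
func Open(priv *rsa.PrivateKey, myCode string, env Envelope) ([]byte, error) {
	if env.To != myCode {
		return nil, fmt.Errorf("dropped: envelope addressed to %.8s..., not this end-point", env.To)
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.Cipher, []byte(myCode))
}

// NewDemo builds a constructed scenario in which EP-A may send to EP-B and returns the end-points' private
// keys, which in practice are generated and held on each end-point and never seen by the controller.
func NewDemo() (*Controller, map[string]*rsa.PrivateKey) {
	privs := map[string]*rsa.PrivateKey{}
	pubs := map[string]*rsa.PublicKey{}
	for _, id := range []string{"EP-A", "EP-B"} {
		k, err := rsa.GenerateKey(rand.Reader, 2048)
		if err != nil {
			panic(err)
		}
		privs[id], pubs[id] = k, &k.PublicKey
	}
	secret := make([]byte, 32)
	rand.Read(secret)
	return &Controller{Mission: MissionProfile{"EP-A": {"EP-B"}, "EP-B": {}}, PubKeys: pubs,
		Profiles: map[string]string{"temp-sensor": "kv-temp-v1"}, Secret: secret}, privs
}
```

The flow is NewDemo, then Provision("EP-A", "EP-B", "temp-sensor") on the controller, then Translate, Seal and Open on the end-points; a reading "T=21.5;U=C" from device 110 a arrives at EP-B as {"temperature_c":21.5}. Binding the destination code into the OAEP label means that forwarding a captured envelope to a different end-point fails at decryption even if the To field is rewritten, which is what makes the claim 16 drop rule more than a courtesy. The 190-byte OAEP limit is the practical reason a deployment would wrap a per-message symmetric key instead of the data itself.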

Further, the devices and methods described above may be practiced by a computer system including one or more processors and computer-readable media such as computer memory. In particular, the computer memory may store computer-executable instructions that when executed by one or more processors cause various functions to be performed, such as the acts recited in the embodiments.

Embodiments of the present invention may comprise or utilize a special purpose or general-purpose computer including computer hardware, as discussed in greater detail below. Embodiments within the scope of the present invention also include physical and other computer-readable media for carrying or storing computer-executable instructions and/or data structures. Such computer-readable media can be any available media that can be accessed by a general purpose or special purpose computer system. Computer-readable media that store computer-executable instructions are physical storage media. Computer-readable media that carry computer-executable instructions are transmission media. Thus, by way of example, and not limitation, embodiments of the invention can comprise at least two distinctly different kinds of computer-readable media: physical computer-readable storage media and transmission computer-readable media.

Physical computer-readable storage media include RAM, ROM, EEPROM, CD-ROM or other optical disk storage (such as CDs, DVDs, etc.), magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store desired program code means in the form of computer-executable instructions or data structures and which can be accessed by a general purpose or special purpose computer.

A “network” is defined as one or more data links that enable the transport of electronic data between computer systems and/or modules and/or other electronic devices. When information is transferred or provided over a network or another communications connection (either hardwired, wireless, or a combination of hardwired and wireless) to a computer, the computer properly views the connection as a transmission medium. Transmission media can include a network and/or data links which can be used to carry desired program code means in the form of computer-executable instructions or data structures and which can be accessed by a general purpose or special purpose computer. Combinations of the above are also included within the scope of computer-readable media.

Further, upon reaching various computer system components, program code means in the form of computer-executable instructions or data structures can be transferred automatically from transmission computer-readable media to physical computer-readable storage media (or vice versa). For example, computer-executable instructions or data structures received over a network or data link can be buffered in RAM within a network interface module (e.g., a “NIC”), and then eventually transferred to computer system RAM and/or to less volatile computer-readable physical storage media at a computer system. Thus, computer-readable physical storage media can be included in computer system components that also (or even primarily) utilize transmission media.

Computer-executable instructions comprise, for example, instructions and data which cause a general purpose computer, special purpose computer, or special purpose processing device to perform a certain function or group of functions. The computer-executable instructions may be, for example, binaries, intermediate format instructions such as assembly language, or even source code. Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the described features and acts are disclosed as example forms of implementing the claims.

Those skilled in the art will appreciate that the invention may be practiced in network computing environments with many types of computer system configurations, including personal computers, desktop computers, laptop computers, message processors, hand-held devices, multi-processor systems, microprocessor-based or programmable consumer electronics, network PCs, minicomputers, mainframe computers, mobile telephones, PDAs, pagers, routers, switches, and the like. The invention may also be practiced in distributed system environments where local and remote computer systems, which are linked (either by hardwired data links, wireless data links, or by a combination of hardwired and wireless data links) through a network, both perform tasks. In a distributed system environment, program modules may be located in both local and remote memory storage devices.

Alternatively, or in addition, the functionality described herein can be performed, at least in part, by one or more hardware logic components. For example, and without limitation, illustrative types of hardware logic components that can be used include Field-programmable Gate Arrays (FPGAs), Application-specific Integrated Circuits (ASICs), Application-specific Standard Products (ASSPs), System-on-a-chip systems (SOCs), Complex Programmable Logic Devices (CPLDs), etc.

The present invention may be embodied in other specific forms without departing from its spirit or characteristics. The described embodiments are to be considered in all respects only as illustrative and not restrictive. The scope of the invention is, therefore, indicated by the appended claims rather than by the foregoing description. All changes which come within the meaning and range of equivalency of the claims are to be embraced within their scope.

What is claimed is:
1. A computer system for managing secure network communications, comprising: one or more processors; and one or more computer-readable media having stored thereon executable instructions that when executed by the one or more processors configure the computer system to perform at least the following: receive, at a controller, a unique hardware identifier from a first end-point that is in communication with a network; determine that the unique hardware identifier is present within a mission profile, wherein the mission profile comprises an indication of a second end-point to which the first end-point is allowed to communicate; and communicate to the first end-point a first encryption key that is uniquely matched to a decryption key privately held by the second end-point.
2. The computer system as recited in claim 1, wherein the executable instructions include instructions that are executable to configure the computer system to: receive, at the controller, a device profile from the first end-point, wherein the device profile indicates a particular device that is in direct communication with the first end-point; determine that the device profile is present within a mission profile as being associated with the first end-point; and communicate to either the first end-point, or a second end-point, or both, a first translation profile, wherein the first translation profile comprises a communication protocol for communicating with the particular device, and a software translation for allowing a first device's data to be understood by the second device.
3. The computer system as recited in claim 2, wherein the first end-point comprises a plurality of different hardware adaptors that are configured for connecting to different devices and at least one network adaptor that is configured for connecting to the network, the network adaptor being different than the plurality of hardware adaptors.
4. The computer system as recited in claim 3, wherein the translation profile comprises instructions for communicating over a particular hardware adaptor selected from the plurality of hardware adaptors.
5. The computer system as recited in claim 1, wherein the controller comprises the mission profile stored in memory, the mission profile comprising: one or more encryption keys corresponding to one or more decryption keys for the one or more end-points that are allowed to connect to the network; and definitions of one or more security levels for the one or more devices that are allowed to connect to the network.
6. The computer system as recited in claim 1, wherein the executable instructions include instructions that are executable to configure the computer system to: communicate to the first end-point a first authorization code, wherein the first authorization code is unique to the first end-point.
7. The computer system as recited in claim 6, wherein the executable instructions include instructions that are executable to configure the computer system to: generate the first authorization code through a hash that is specific to the unique hardware identifier of the first end-point.
8. The computer system as recited in claim 6, wherein the executable instructions include instructions that are executable to configure the computer system to: address communication to the first end-point by associating the first authorization code with the communication.
9. A computer system for managing secure network communications by an end-point, comprising: one or more processors; and one or more computer-readable media having stored thereon executable instructions that when executed by the one or more processors configure the computer system to perform at least the following: communicate, to a controller, a unique hardware identifier that is associated with a first end-point; receive from the controller a first encryption key that is uniquely matched to a decryption key privately held by a second end-point; receive device data from a first device in direct communication with the first end-point; and communicate the device data to the second end-point, wherein the device data is encrypted using the first encryption key.
10. The computer system as recited in claim 9, wherein the executable instructions include instructions that are executable to configure the computer system to: communicate to the controller a device profile from the first end-point, wherein the device profile indicates the first device that is in direct communication with the first end-point; and receive from the controller a first translation profile, wherein the first translation profile comprises a communication protocol for communicating with the first device.
11. The computer system as recited in claim 10, wherein the first end-point comprises a plurality of different hardware adaptors that are configured for connecting to different devices and at least one network adaptor that is configured for connecting to the network, the network adaptor being different than the plurality of hardware adaptors.
12. The computer system as recited in claim 11, wherein the translation profile comprises instructions for communicating over a particular hardware adaptor selected from the plurality of hardware adaptors.
13. The computer system as recited in claim 9, wherein the executable instructions include instructions that are executable to configure the computer system to: communicate to the controller the device profile from the first end-point, wherein the device profile indicates the first device and a second device that are in direct communication with the first end-point; and receive from the controller a second translation profile, wherein: the second translation profile comprises a communication protocol for communicating with the second device; and the second translation profile is different than the first translation profile.
14. The computer system as recited in claim 9, wherein the controller comprises a mission profile stored in memory, the mission profile comprising: one or more encryption keys corresponding to one or more decryption keys for the one or more end-points that are allowed to connect to the network; and definitions of one or more security levels for the one or more devices that are allowed to connect to the network.
15. The computer system as recited in claim 9, wherein the executable instructions include instructions that are executable to configure the computer system to: receive from the controller a first authorization code, wherein the first authorization code is unique to the first end-point.
16. The computer system as recited in claim 15, wherein the executable instructions include instructions that are executable to configure the computer system to: receive, at the first end-point, a network communication associated with the second authorization code; and drop the network communication.
17. The computer system as recited in claim 9, wherein the executable instructions include instructions that are executable to configure the computer system to: receive from the controller a second authorization code, wherein the second authorization code is unique to the second end-point.
18. The computer system as recited in claim 17, wherein the executable instructions include instructions that are executable to configure the computer system to: address communication to the second end-point by associating the second authorization code with the communication.
19. The computer system as recited in claim 9, wherein the first device is not compatible with the controller due to different communication protocols.
20. A method for managing secure network communications by an end-point, the method comprising: communicating, to a controller, a unique hardware identifier that is associated with a first end-point and a device profile from the first end-point, wherein the device profile indicates the first device that is in direct communication with the first end-point; receiving, at the controller, the unique hardware identifier and the device profile from the first end-point that is in communication with a network; determining, at the controller, that the unique hardware identifier is present within a mission profile, wherein the mission profile comprises an indication of a second end-point to which the first end-point is allowed to communicate; communicating to the first end-point a first encryption key that is uniquely matched to a decryption key privately held by the second end-point and a first translation profile that comprises instructions for communicating over a particular hardware adaptor with the first device; receiving from the controller the first encryption key and the translation profile; receiving device data from a first device in direct communication with the first end-point; generating translated device data from the device data using the translation profile, wherein the translated device data is translated into a software language that is understandable by the controller; and communicating the translated device data to the second end-point, wherein the device data is encrypted using the first encryption key.